
So I'm working on my website and came to a place where I added a contact form. I got it working; it is sending emails to my server mail, but I keep getting the same email each time I reload the site, and here comes the second problem. When I press the F5 button I get an alert box with "Confirm Form Resubmission": "The page that you're looking for used information that you entered. Returning to that page might cause any action you took to be repeated. Do you want to continue?"

I tried to do my best but couldn't change it, could someone explain what is wrong in my code? Thanks a lot for your time answering me!

<?php 

// define variables and set to empty values
$name_error = $email_error = "";
$name = $email = $message = $success = "";

//form is submitted with POST method
if ($_SERVER["REQUEST_METHOD"] == "POST") {
  if (empty($_POST["name"])) {
    $name_error = "Name is required";
  } else {
    $name = test_input($_POST["name"]);
    // check if name only contains letters and whitespace
    if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
      $name_error = "Only letters and white space allowed"; 
    }
  }

  if (empty($_POST["email"])) {
    $email_error = "Email is required";
  } else {
    $email = test_input($_POST["email"]);
    // check if e-mail address is well-formed
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
      $email_error = "Invalid email format"; 
    }
  }

  if (empty($_POST["message"])) {
    $message = "";
  } else {
    $message = test_input($_POST["message"]);
  }

  if ($name_error == '' and $email_error == ''){
      $message_body = '';
      unset($_POST['submit']);
      foreach ($_POST as $key => $value){
          $message_body .=  "$key: $value\n";
      }

      $to = 'admin@xxxx.xxx';
      $subject = $email;
      // send the body assembled in the loop above
      if (mail($to, $subject, $message_body)){
          $success = "Message sent, thank you for contacting us!";
          $name = $email = $message = '';
      }
  }

}

function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}

And the HTML:

<form id="contact" action="<?= htmlspecialchars($_SERVER["PHP_SELF"]) ?>" method="post">
                            <h3>Contact me</h3>
                            <h4>Just send me an email and I will respond as fast as I can!</h4>
                            <fieldset>
                                <input placeholder="Your name" type="text" name="name" value="<?= $name ?>" tabindex="1" autofocus>
                                <span class="error"><?= $name_error ?></span>
                            </fieldset>
                            <fieldset>
                                <input placeholder="Your Email Address" type="text" name="email" value="<?= $email ?>" tabindex="2">
                                <span class="error"><?= $email_error ?></span>
                            </fieldset>

                            <fieldset>
                                <textarea name="message" tabindex="3"><?= $message ?></textarea>
                            </fieldset>
                            <fieldset>
                                <button name="submit" type="submit" id="contact-submit" data-submit="...Sending">Submit</button>
                            </fieldset>
                            <div class="success">
                                <?= $success ?>
                            </div>
                        </form>
Xavier Guihot
cukser
  • redirect to a new page at the end of the script to avoid form resubmission – Felippe Duarte Mar 28 '18 at 19:19
  • On a side note, are you trying to validate input after form submission? You should probably do that with JavaScript and not PHP. – Paulo Hgo Mar 28 '18 at 19:26
  • @PauloHgo *Never* just rely on JavaScript for validation. That's a *convenience* that can easily be circumvented. *Always* validate on the server side even if you already have client side validation. – John Conde Mar 28 '18 at 19:27
  • @PauloHgo Never rely solely on client-side validation. It is easily bypassed. If you are going to use client-side validation, it should _also_ be accompanied by server-side validation. – Patrick Q Mar 28 '18 at 19:28
  • Got it, thanks guys. – Paulo Hgo Mar 28 '18 at 19:28
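
The redirect suggested in the first comment, combined with the server-side validation the later comments insist on, as an added example (not code from the question or from any commenter). The path `/contact.php`, the session key `contact_flash` and the fixed subject line are assumptions made for illustration; the validation rules, messages and recipient placeholder are the ones in the question.

```php
<?php
session_start();
const FORM_URL = '/contact.php'; // assumption: path of this script (a fixed target, not request data)

// Server-side checks with the same rules as the question's code.
function validate_contact(array $in): array {
    $get = fn($k) => is_string($in[$k] ?? null) ? trim($in[$k]) : ''; // array input is ignored
    $old = ['name' => $get('name'), 'email' => $get('email'), 'message' => $get('message')];
    $errors = [];
    if ($old['name'] === '') {
        $errors['name'] = 'Name is required';
    } elseif (!preg_match('/^[a-zA-Z ]*$/', $old['name'])) {
        $errors['name'] = 'Only letters and white space allowed';
    }
    if ($old['email'] === '') {
        $errors['email'] = 'Email is required';
    } elseif (!filter_var($old['email'], FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'Invalid email format';
    }
    return [$old, $errors];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    [$old, $errors] = validate_contact($_POST);
    $success = '';
    if (!$errors) {
        $body = "name: {$old['name']}\nemail: {$old['email']}\n\n{$old['message']}";
        if (mail('admin@xxxx.xxx', 'Contact form', $body)) { // assumed fixed subject
            $success = 'Message sent, thank you for contacting us!';
            $old = [];
        }
    }
    // Keep the outcome in the session, then answer the POST with a redirect.
    $_SESSION['contact_flash'] = compact('old', 'errors', 'success');
    header('Location: ' . FORM_URL, true, 303); // 303: the browser follows up with GET
    exit;
}

// GET: show the stored outcome once; F5 now repeats only this GET, so no mail is re-sent.
$flash = $_SESSION['contact_flash'] ?? ['old' => [], 'errors' => [], 'success' => ''];
unset($_SESSION['contact_flash']);
$e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'); // escape at output time
?>
<form id="contact" action="<?= $e(FORM_URL) ?>" method="post">
  <input type="text" name="name" value="<?= $e($flash['old']['name'] ?? '') ?>">
  <span class="error"><?= $e($flash['errors']['name'] ?? '') ?></span>
  <input type="text" name="email" value="<?= $e($flash['old']['email'] ?? '') ?>">
  <span class="error"><?= $e($flash['errors']['email'] ?? '') ?></span>
  <textarea name="message"><?= $e($flash['old']['message'] ?? '') ?></textarea>
  <button name="submit" type="submit">Submit</button>
  <div class="success"><?= $e($flash['success']) ?></div>
</form>
```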

0 Answers